add except handling to terraform and kubernetes linters

stelligent · Mar 12, 2018 · 866cc38 · 866cc38
1 parent e4342f4
commit 866cc38
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 22 deletions.
diff --git a/cli/kubernetes.go b/cli/kubernetes.go
@@ -60,18 +60,22 @@ func validateKubernetesResources(report *filter.ValidationReport, resources []fi
 		log(fmt.Sprintf("Rule %s: %s", rule.Id, rule.Message))
 		for _, ruleFilter := range rule.Filters {
 			for _, resource := range filterKubernetesResourcesByType(resources, rule.Resource) {
-				log(fmt.Sprintf("Checking resource %s", resource.Id))
-				status := filter.ApplyFilter(rule, ruleFilter, resource, log)
-				if status != "OK" {
-					v := filter.Violation{
-						RuleId:       rule.Id,
-						ResourceId:   resource.Id,
-						ResourceType: resource.Type,
-						Status:       status,
-						Message:      rule.Message,
-						Filename:     resource.Filename,
+				if filter.ExcludeResource(rule, resource) {
+					log(fmt.Sprintf("Ignoring resource %s", resource.Id))
+				} else {
+					log(fmt.Sprintf("Checking resource %s", resource.Id))
+					status := filter.ApplyFilter(rule, ruleFilter, resource, log)
+					if status != "OK" {
+						v := filter.Violation{
+							RuleId:       rule.Id,
+							ResourceId:   resource.Id,
+							ResourceType: resource.Type,
+							Status:       status,
+							Message:      rule.Message,
+							Filename:     resource.Filename,
+						}
+						report.Violations[status] = append(report.Violations[status], v)
 					}
-					report.Violations[status] = append(report.Violations[status], v)
 				}
 			}
 		}

diff --git a/cli/terraform.go b/cli/terraform.go
@@ -88,18 +88,22 @@ func validateTerraformResources(report *filter.ValidationReport, resources []fil
 		log(fmt.Sprintf("Rule %s: %s", rule.Id, rule.Message))
 		for _, ruleFilter := range rule.Filters {
 			for _, resource := range filterTerraformResourcesByType(resources, rule.Resource) {
-				log(fmt.Sprintf("Checking resource %s", resource.Id))
-				status := filter.ApplyFilter(rule, ruleFilter, resource, log)
-				if status != "OK" {
-					v := filter.Violation{
-						RuleId:       rule.Id,
-						ResourceId:   resource.Id,
-						ResourceType: resource.Type,
-						Status:       status,
-						Message:      rule.Message,
-						Filename:     resource.Filename,
+				if filter.ExcludeResource(rule, resource) {
+					log(fmt.Sprintf("Ignoring resource %s", resource.Id))
+				} else {
+					log(fmt.Sprintf("Checking resource %s", resource.Id))
+					status := filter.ApplyFilter(rule, ruleFilter, resource, log)
+					if status != "OK" {
+						v := filter.Violation{
+							RuleId:       rule.Id,
+							ResourceId:   resource.Id,
+							ResourceType: resource.Type,
+							Status:       status,
+							Message:      rule.Message,
+							Filename:     resource.Filename,
+						}
+						report.Violations[status] = append(report.Violations[status], v)
 					}
-					report.Violations[status] = append(report.Violations[status], v)
 				}
 			}
 		}

diff --git a/example-files/rules/terraform.yml b/example-files/rules/terraform.yml
@@ -29,6 +29,9 @@ Rules:
   - id: R3
     message: Department tag is not valid
     resource: aws_instance
+    except:
+        - foo
+        - third
     filters:
       - type: value
         key: "tags[].Department | [0]"